
IU Researchers Give Alert About Sites With Redirects

While presenting a research paper at the USENIX Workshop on Offensive Technologies in San Jose, California, doctoral students at Indiana University reported that of the 2.5 million websites surveyed in the research, over 128,000 contained redirects, and 81% of those redirects were loosely secured.

The researchers also revealed that the redirect commands could be compromised to send users to the wrong websites, and that by visiting those sites users put their entire security at risk.

Giving further details about the research, the IU students said that phishers distribute e-mails containing URLs that appear legitimate but in fact divert users to malicious sites created by the phishers themselves. The scammers often copy the graphics from the real sites, which fools victims into divulging personal information.
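One way a site can keep its own redirect parameter from being used to send visitors elsewhere, shown as an added example that is not from the IU paper; the host names, the allowlist and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist for a constructed site; not taken from the study.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Return True only if `target` stays on this site or an allowlisted host."""
    if not target or target != target.strip():
        return False
    # Browsers treat "\" like "/" and drop tabs/newlines, so a value such as
    # "/\evil.test" can leave the site even though it looks like a local path.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False
    if not parts.scheme and not parts.netloc:
        # Local path: must be rooted; "//host" is scheme-relative, not local.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    # .hostname drops userinfo and port, so "www.example.com@evil.test"
    # is judged by its real host, evil.test.
    return parts.hostname in allowed_hosts


def resolve_redirect(target, default="/"):
    """Fall back to a fixed local page instead of following an unsafe target."""
    return target if is_safe_redirect(target) else default


if __name__ == "__main__":
    # Constructed sample values of a ?next= style parameter.
    for value in ["/account/settings?tab=1",
                  "https://accounts.example.com/login",
                  "//evil.test/login",
                  "https://www.example.com@evil.test/",
                  "https://www.example.com.evil.test/",
                  "/\\evil.test",
                  "javascript:alert(1)"]:
        print(f"{value!r:45} -> {resolve_redirect(value)!r}")
```

The check compares the parsed host exactly against the allowlist; substring or prefix matching on the raw URL is what lets look-alike hosts through.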

Moreover, according to other participants in the study, Internet criminals may not find it difficult to start phishing scams, because the tools needed for the various parts of such scams are easily available on the Internet. They can be downloaded as phishing toolkits, along with manuals outlining the tactics for carrying out a phishing attack.

The researchers also gave a very common example of end users being diverted to illegal websites through legitimate URLs: a user types googel.com into the Web browser and a phishing scam directs them to a compromised site, where all of their private details are hacked.

Further, according to the research findings, redirects to phishers' malicious sites also cause problems for businesses, because such redirects have a negative impact on business brands: phishing frauds bring negative publicity to the legitimate sites.

However, the researchers said that the security and safety of users' data is in the users' own hands. By being slightly tech-savvy, keeping personal information to themselves and refraining from sharing it with anyone, Internet users can stay safe. Users should also not neglect basic security systems, otherwise they could become easy targets for phishers.